ci(deps): group codeql-action sub-action updates in dependabot#1129
ci(deps): group codeql-action sub-action updates in dependabot#1129madhavilosetty-intel wants to merge 2 commits into
Conversation
github/codeql-action/{init,analyze,autobuild,upload-sarif} are released in
lockstep from one repo but land as separate dependabot PRs. Group them so
each bump opens a single PR.
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #1129 +/- ##
=======================================
Coverage 43.54% 43.54%
=======================================
Files 143 143
Lines 13621 13621
=======================================
Hits 5931 5931
Misses 7126 7126
Partials 564 564 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Pull request overview
Updates Dependabot configuration to reduce noise from GitHub CodeQL action version bumps by grouping the github/codeql-action sub-action updates into a single PR, aligning with how those sub-actions are released in lockstep.
Changes:
- Add a Dependabot
groupsrule under thegithub-actionsecosystem updates. - Group all
github/codeql-action*dependencies into one Dependabot PR.
graikhel-intel
left a comment
There was a problem hiding this comment.
LGTM. We first tested this change in RPS by merging device-management-toolkit/rps#2814
After that PR was merged, Dependabot correctly grouped the remaining CodeQL Action updates into a single follow-up PR: https://github.com/device-management-toolkit/rps/pull/2816/changes
github/codeql-action/{init,analyze,autobuild,upload-sarif} are released in lockstep from one repo but land as separate dependabot PRs. Group them so each bump opens a single PR.